subject:"\[Bug 1779890\] Re\: Nautilus does not use a valid Kerberos ticket when accessing Samba share"

[Bug 1779890] Re: Nautilus does not use a valid Kerberos ticket when accessing Samba share

2023-03-21 Thread Launchpad Bug Tracker

This bug was fixed in the package tracker-miners - 3.4.3-1ubuntu1

---
tracker-miners (3.4.3-1ubuntu1) lunar; urgency=medium

  [ Denison Barbosa ]
  * debian/patches/ubuntu-fix-tracker-extract-start-order.patch:
Fix tracker-extract.service WantedBy target so that gvfsd has
access to KRB5CCNAME. (LP: #1779890)

 -- Didier Roche   Tue, 21 Mar 2023 15:04:35 +0100

** Changed in: tracker-miners (Ubuntu)
   Status: Triaged => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Desktop Bugs, which is subscribed to tracker-miners in Ubuntu.
https://bugs.launchpad.net/bugs/1779890

Title:
  Nautilus does not use a valid Kerberos ticket when accessing Samba
  share

To manage notifications about this bug go to:
https://bugs.launchpad.net/gvfs/+bug/1779890/+subscriptions


-- 
desktop-bugs mailing list
desktop-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/desktop-bugs

[Bug 1779890] Re: Nautilus does not use a valid Kerberos ticket when accessing Samba share

2023-03-21 Thread Didier Roche-Tolomelli

** Package changed: gvfs (Ubuntu) => tracker-miners (Ubuntu)

** Changed in: tracker-miners (Ubuntu)
 Assignee: (unassigned) => Denison Barbosa (justdenis)

-- 
You received this bug notification because you are a member of Ubuntu
Desktop Bugs, which is subscribed to gvfs in Ubuntu.
https://bugs.launchpad.net/bugs/1779890

Title:
  Nautilus does not use a valid Kerberos ticket when accessing Samba
  share

To manage notifications about this bug go to:
https://bugs.launchpad.net/gvfs/+bug/1779890/+subscriptions


-- 
desktop-bugs mailing list
desktop-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/desktop-bugs

[Bug 1779890] Re: Nautilus does not use a valid Kerberos ticket when accessing Samba share

2023-03-20 Thread Denison Barbosa

So, I was investigating this issue for a while and after some debugging of 
journalctl --user and dbus, it's possible to see that the gvfs-daemon.service 
was being started too early due to another tracker: 
"tracker-extract-3.service", which has WantedBy=default.target. This default 
value of default.target is graphical.target, and that is also too early for 
gvfsd to be able to get the correct environment.
So, after disabling tracker-extract-3.service, changing its Wantedby to 
gnome-session.target and then reenabling it, the gvfsd service is now started 
with the right environment.

-- 
You received this bug notification because you are a member of Ubuntu
Desktop Bugs, which is subscribed to gvfs in Ubuntu.
https://bugs.launchpad.net/bugs/1779890

Title:
  Nautilus does not use a valid Kerberos ticket when accessing Samba
  share

To manage notifications about this bug go to:
https://bugs.launchpad.net/gvfs/+bug/1779890/+subscriptions


-- 
desktop-bugs mailing list
desktop-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/desktop-bugs

[Bug 1779890] Re: Nautilus does not use a valid Kerberos ticket when accessing Samba share

2023-02-22 Thread renbag

Hi Sergio,

I tried your workaround, but the KRB5CCNAME environment variable is not
set, because I don't use krb5-user and libpam-krb5. In my case the
authentication is made by sssd-krb5 and the kerberos ticket is stored in
/tmp/krb5cc_...

-- 
You received this bug notification because you are a member of Ubuntu
Desktop Bugs, which is subscribed to gvfs in Ubuntu.
https://bugs.launchpad.net/bugs/1779890

Title:
  Nautilus does not use a valid Kerberos ticket when accessing Samba
  share

To manage notifications about this bug go to:
https://bugs.launchpad.net/gvfs/+bug/1779890/+subscriptions


-- 
desktop-bugs mailing list
desktop-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/desktop-bugs

[Bug 1779890] Re: Nautilus does not use a valid Kerberos ticket when accessing Samba share

2023-02-22 Thread Sergio Costas

I found something odd... Setting KRB5CCNAME in /etc/environment does
work, but setting "default_ccache_name" in /etc/krb5.conf doesn't. In
theory, when KRB5CCNAME isn't set, kerberos should use that value for
the cache file. And although the command line tools do use it, it seems
that gvfsd doesn't...

-- 
You received this bug notification because you are a member of Ubuntu
Desktop Bugs, which is subscribed to gvfs in Ubuntu.
https://bugs.launchpad.net/bugs/1779890

Title:
  Nautilus does not use a valid Kerberos ticket when accessing Samba
  share

To manage notifications about this bug go to:
https://bugs.launchpad.net/gvfs/+bug/1779890/+subscriptions


-- 
desktop-bugs mailing list
desktop-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/desktop-bugs

[Bug 1779890] Re: Nautilus does not use a valid Kerberos ticket when accessing Samba share

2023-02-17 Thread Sergio Costas

If you try my line, be sure to create the folder ~/kerberos before, so
maybe a better alternative would be the line

KRB5CCNAME=${HOME}/.config/krb5cc_${LOGNAME}

-- 
You received this bug notification because you are a member of Ubuntu
Desktop Bugs, which is subscribed to gvfs in Ubuntu.
https://bugs.launchpad.net/bugs/1779890

Title:
  Nautilus does not use a valid Kerberos ticket when accessing Samba
  share

To manage notifications about this bug go to:
https://bugs.launchpad.net/gvfs/+bug/1779890/+subscriptions


-- 
desktop-bugs mailing list
desktop-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/desktop-bugs

[Bug 1779890] Re: Nautilus does not use a valid Kerberos ticket when accessing Samba share

2023-02-17 Thread Sergio Costas

I found a workaround for this: to define the KRB5CCNAME environment
variable at /etc/environment.d/91kerberos.conf

In my case, I store the cache file at ~/kerberos, so I set the content
of that file to:

KRB5CCNAME=${HOME}/kerberos/krb5cc_${LOGNAME}

So, if my username is "username", this results in the environment
variable set to

/home/username/kerberos/krb5cc_username

After doing this, the tickets are preserved between reboots.

Can anybody test this to ensure that it fixes the problem, please?

-- 
You received this bug notification because you are a member of Ubuntu
Desktop Bugs, which is subscribed to gvfs in Ubuntu.
https://bugs.launchpad.net/bugs/1779890

Title:
  Nautilus does not use a valid Kerberos ticket when accessing Samba
  share

To manage notifications about this bug go to:
https://bugs.launchpad.net/gvfs/+bug/1779890/+subscriptions


-- 
desktop-bugs mailing list
desktop-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/desktop-bugs

[Bug 1779890] Re: Nautilus does not use a valid Kerberos ticket when accessing Samba share

2022-11-08 Thread Sebastien Bacher

** Tags added: dt-798

-- 
You received this bug notification because you are a member of Ubuntu
Desktop Bugs, which is subscribed to gvfs in Ubuntu.
https://bugs.launchpad.net/bugs/1779890

Title:
  Nautilus does not use a valid Kerberos ticket when accessing Samba
  share

To manage notifications about this bug go to:
https://bugs.launchpad.net/gvfs/+bug/1779890/+subscriptions


-- 
desktop-bugs mailing list
desktop-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/desktop-bugs

[Bug 1779890] Re: Nautilus does not use a valid Kerberos ticket when accessing Samba share

2022-10-06 Thread michaelwaterman

Is this bug still being worked on? I'm running into the issue. Took me a
couple of days before I found this bug here. I've applied the workaround
from Val (vk1266) listed on 2020-05-28 and that works, problem is not
visible anymore.

Can I be of assistance in anyway? Have an environment where I can repro
the issue consistently.

-- 
You received this bug notification because you are a member of Ubuntu
Desktop Bugs, which is subscribed to gvfs in Ubuntu.
https://bugs.launchpad.net/bugs/1779890

Title:
  Nautilus does not use a valid Kerberos ticket when accessing Samba
  share

To manage notifications about this bug go to:
https://bugs.launchpad.net/gvfs/+bug/1779890/+subscriptions


-- 
desktop-bugs mailing list
desktop-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/desktop-bugs

[Bug 1779890] Re: Nautilus does not use a valid Kerberos ticket when accessing Samba share

2022-05-20 Thread Bug Watch Updater

** Changed in: gvfs
   Status: Unknown => New

-- 
You received this bug notification because you are a member of Ubuntu
Desktop Bugs, which is subscribed to gvfs in Ubuntu.
https://bugs.launchpad.net/bugs/1779890

Title:
  Nautilus does not use a valid Kerberos ticket when accessing Samba
  share

To manage notifications about this bug go to:
https://bugs.launchpad.net/gvfs/+bug/1779890/+subscriptions


-- 
desktop-bugs mailing list
desktop-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/desktop-bugs

[Bug 1779890] Re: Nautilus does not use a valid Kerberos ticket when accessing Samba share

2022-04-03 Thread Matthew Ruffell

Hi renbag,

Thanks for attaching your smb.conf and sssd.conf, I will try add them
into my reproducer and see if I get closer to seeing the problem.

Maybe when you log in, smbd mounts the samba shares to
/home/aduser/{Public},{Shared} before kerberos manages to acquire a new
ticket and place it in /tmp, so gvfs doesn't get KRB5CCNAME set.

Maybe on your faster system, it can get the kerberos ticket before smbd
starts mounting shares.

This is still a race condition where gvfs is starting too early though.

Let me re-adjust my reproducer, and I will let you know how I get on.

Thanks,
Matthew

-- 
You received this bug notification because you are a member of Ubuntu
Desktop Bugs, which is subscribed to gvfs in Ubuntu.
https://bugs.launchpad.net/bugs/1779890

Title:
  Nautilus does not use a valid Kerberos ticket when accessing Samba
  share

To manage notifications about this bug go to:
https://bugs.launchpad.net/gvfs/+bug/1779890/+subscriptions


-- 
desktop-bugs mailing list
desktop-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/desktop-bugs

[Bug 1779890] Re: Nautilus does not use a valid Kerberos ticket when accessing Samba share

2022-04-01 Thread renbag

I tried this to check if the problem is really the slow writing of the
kerberos ticket to the disk:

disable the workaround in /etc/systemd/user/gvfs-daemon.service
reboot the slow machine
connect to the slow machine with ssh as "aduser" (a kerberos ticket is acquired 
and written to /tmp/krb5cc_1136602666_6v25tM and gvfsd is started)
from the ssh session: killall gvfsd
login as aduser in the normal graphical console of the slow machine

After login, Nemo is able to browse the network without asking username and 
password.
Note, however, that after login, the /tmp/krb5cc_1136602666_6v25tM ticket is 
replaced by a new one and it is not possible to browse the network every time a 
new reboot and a new login is made.

-- 
You received this bug notification because you are a member of Ubuntu
Desktop Bugs, which is subscribed to gvfs in Ubuntu.
https://bugs.launchpad.net/bugs/1779890

Title:
  Nautilus does not use a valid Kerberos ticket when accessing Samba
  share

To manage notifications about this bug go to:
https://bugs.launchpad.net/gvfs/+bug/1779890/+subscriptions


-- 
desktop-bugs mailing list
desktop-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/desktop-bugs

[Bug 1779890] Re: Nautilus does not use a valid Kerberos ticket when accessing Samba share

2022-03-31 Thread renbag

** Attachment added: "AD_installed_packages.txt"
   
https://bugs.launchpad.net/ubuntu/+source/gvfs/+bug/1779890/+attachment/5575198/+files/AD_installed_packages.txt

-- 
You received this bug notification because you are a member of Ubuntu
Desktop Bugs, which is subscribed to gvfs in Ubuntu.
https://bugs.launchpad.net/bugs/1779890

Title:
  Nautilus does not use a valid Kerberos ticket when accessing Samba
  share

To manage notifications about this bug go to:
https://bugs.launchpad.net/gvfs/+bug/1779890/+subscriptions


-- 
desktop-bugs mailing list
desktop-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/desktop-bugs

[Bug 1779890] Re: Nautilus does not use a valid Kerberos ticket when accessing Samba share

2022-03-31 Thread renbag

** Attachment added: "smb.conf"
   
https://bugs.launchpad.net/ubuntu/+source/gvfs/+bug/1779890/+attachment/5575197/+files/smb.conf

-- 
You received this bug notification because you are a member of Ubuntu
Desktop Bugs, which is subscribed to gvfs in Ubuntu.
https://bugs.launchpad.net/bugs/1779890

Title:
  Nautilus does not use a valid Kerberos ticket when accessing Samba
  share

To manage notifications about this bug go to:
https://bugs.launchpad.net/gvfs/+bug/1779890/+subscriptions


-- 
desktop-bugs mailing list
desktop-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/desktop-bugs

[Bug 1779890] Re: Nautilus does not use a valid Kerberos ticket when accessing Samba share

2022-03-31 Thread renbag

** Attachment added: "sssd.conf"
   
https://bugs.launchpad.net/ubuntu/+source/gvfs/+bug/1779890/+attachment/5575196/+files/sssd.conf

-- 
You received this bug notification because you are a member of Ubuntu
Desktop Bugs, which is subscribed to gvfs in Ubuntu.
https://bugs.launchpad.net/bugs/1779890

Title:
  Nautilus does not use a valid Kerberos ticket when accessing Samba
  share

To manage notifications about this bug go to:
https://bugs.launchpad.net/gvfs/+bug/1779890/+subscriptions


-- 
desktop-bugs mailing list
desktop-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/desktop-bugs

[Bug 1779890] Re: Nautilus does not use a valid Kerberos ticket when accessing Samba share

2022-03-31 Thread renbag

** Attachment added: "1641_environ_slow-machine_with-workaround.txt"
   
https://bugs.launchpad.net/ubuntu/+source/gvfs/+bug/1779890/+attachment/5575194/+files/1641_environ_slow-machine_with-workaround.txt

-- 
You received this bug notification because you are a member of Ubuntu
Desktop Bugs, which is subscribed to gvfs in Ubuntu.
https://bugs.launchpad.net/bugs/1779890

Title:
  Nautilus does not use a valid Kerberos ticket when accessing Samba
  share

To manage notifications about this bug go to:
https://bugs.launchpad.net/gvfs/+bug/1779890/+subscriptions


-- 
desktop-bugs mailing list
desktop-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/desktop-bugs

[Bug 1779890] Re: Nautilus does not use a valid Kerberos ticket when accessing Samba share

2022-03-31 Thread renbag

** Attachment added: "psauxf_slow-machine-with-workaroud.txt"
   
https://bugs.launchpad.net/ubuntu/+source/gvfs/+bug/1779890/+attachment/5575193/+files/psauxf_slow-machine-with-workaroud.txt

-- 
You received this bug notification because you are a member of Ubuntu
Desktop Bugs, which is subscribed to gvfs in Ubuntu.
https://bugs.launchpad.net/bugs/1779890

Title:
  Nautilus does not use a valid Kerberos ticket when accessing Samba
  share

To manage notifications about this bug go to:
https://bugs.launchpad.net/gvfs/+bug/1779890/+subscriptions


-- 
desktop-bugs mailing list
desktop-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/desktop-bugs

[Bug 1779890] Re: Nautilus does not use a valid Kerberos ticket when accessing Samba share

2022-03-31 Thread renbag

** Attachment added: "psauxf_fast-machine-no-workaroud.txt"
   
https://bugs.launchpad.net/ubuntu/+source/gvfs/+bug/1779890/+attachment/5575195/+files/psauxf_fast-machine-no-workaroud.txt

-- 
You received this bug notification because you are a member of Ubuntu
Desktop Bugs, which is subscribed to gvfs in Ubuntu.
https://bugs.launchpad.net/bugs/1779890

Title:
  Nautilus does not use a valid Kerberos ticket when accessing Samba
  share

To manage notifications about this bug go to:
https://bugs.launchpad.net/gvfs/+bug/1779890/+subscriptions


-- 
desktop-bugs mailing list
desktop-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/desktop-bugs

[Bug 1779890] Re: Nautilus does not use a valid Kerberos ticket when accessing Samba share

2022-03-31 Thread renbag

** Attachment added: "1274_environ_slow-machine_no-workaround.txt"
   
https://bugs.launchpad.net/ubuntu/+source/gvfs/+bug/1779890/+attachment/5575192/+files/1274_environ_slow-machine_no-workaround.txt

-- 
You received this bug notification because you are a member of Ubuntu
Desktop Bugs, which is subscribed to gvfs in Ubuntu.
https://bugs.launchpad.net/bugs/1779890

Title:
  Nautilus does not use a valid Kerberos ticket when accessing Samba
  share

To manage notifications about this bug go to:
https://bugs.launchpad.net/gvfs/+bug/1779890/+subscriptions


-- 
desktop-bugs mailing list
desktop-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/desktop-bugs

[Bug 1779890] Re: Nautilus does not use a valid Kerberos ticket when accessing Samba share

2022-03-31 Thread renbag

** Attachment added: "psauxf_slow-machine-no-workaroud.txt"
   
https://bugs.launchpad.net/ubuntu/+source/gvfs/+bug/1779890/+attachment/5575188/+files/psauxf_slow-machine-no-workaroud.txt

-- 
You received this bug notification because you are a member of Ubuntu
Desktop Bugs, which is subscribed to gvfs in Ubuntu.
https://bugs.launchpad.net/bugs/1779890

Title:
  Nautilus does not use a valid Kerberos ticket when accessing Samba
  share

To manage notifications about this bug go to:
https://bugs.launchpad.net/gvfs/+bug/1779890/+subscriptions


-- 
desktop-bugs mailing list
desktop-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/desktop-bugs

[Bug 1779890] Re: Nautilus does not use a valid Kerberos ticket when accessing Samba share

2022-03-31 Thread renbag

Hi Matthew,

I report the complete configuration of the machine in which I see the problem.
The machine is an Optiplex 745, with an Intel Core2 6320 CPU, 4 GB RAM and a 
rotational HD, which I use as a test box for Ubuntu 22.04.
It was joined to an AD domain with the "net ads join -U aduser" command and 
uses sssd for authentication and samba and winbind for sharing folders.

The minimun number of iterations needed for the
ExecStartPre=bash -c "for i in echo {1..20} ; do if [ $(env | grep KRB5CCNAME) 
== "" ]; then sleep 0.2 ; fi ; done"
command to work is 15, so it's a delay of about 3 s.

I normally do not see the bug in my personal workstation, which runs
Ubuntu 20.04 and is a much faster machine (Ryzen 5 with nvme SSD).

From the logs I can see that gvfsd is correctly started by systemd
--user also in all my cases; so I suspect that the problem is that, with
the slow machine, the kerberos ticket needed by gvfsd is actually
written to the hard disk with too much delay.

-- 
You received this bug notification because you are a member of Ubuntu
Desktop Bugs, which is subscribed to gvfs in Ubuntu.
https://bugs.launchpad.net/bugs/1779890

Title:
  Nautilus does not use a valid Kerberos ticket when accessing Samba
  share

To manage notifications about this bug go to:
https://bugs.launchpad.net/gvfs/+bug/1779890/+subscriptions


-- 
desktop-bugs mailing list
desktop-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/desktop-bugs

[Bug 1779890] Re: Nautilus does not use a valid Kerberos ticket when accessing Samba share

2022-03-30 Thread Matthew Ruffell

Hi everyone, Fady, renbag,

I have been working on this bug on and off for a little while now, but I
am stuck because I can't reproduce what you are all seeing. Having a
reproducer will greatly speed up getting a fix created for this issue.

In my client gvfsd is always started via systemd --user, so I must be
configuring something differently. Can you try out my reproducer and let
me know what you are configuring differently?

Instructions to reproduce:

You will need a 20.04 server instance, and a 20.04 Desktop instance.

To set up the server:

1) Create a fresh 20.04 server instance
2) sudo apt update
3) sudo apt upgrade
4) sudo hostnamectl set-hostname samba-dc
5) sudo vim /etc/hosts
Add an entry with its IP address, e.g.:
192.168.122.199samba-dc samba-dc.example.com
6) sudo apt install -y samba smbclient winbind libpam-winbind libnss-winbind 
krb5-kdc libpam-krb5
Note: skip config of kerberos KDC.
7) sudo rm /etc/krb5.conf
8) sudo rm /etc/samba/smb.conf
9) sudo samba-tool domain provision --server-role=dc --use-rfc2307 
--dns-backend=SAMBA_INTERNAL --realm=samba-dc.EXAMPLE.COM --domain=SAMBA 
--adminpass=Password1
10) sudo cp /var/lib/samba/private/krb5.conf /etc/krb5.conf
11) sudo systemctl mask smbd nmbd winbind
12) sudo systemctl disable smbd nmbd winbind
13) sudo systemctl stop smbd nmbd winbind
14) sudo systemctl unmask samba-ad-dc
15) sudo systemctl start samba-ad-dc
16) sudo systemctl enable samba-ad-dc
17) sudo reboot
18) sudo systemctl stop systemd-resolved
19) sudo systemctl disable systemd-resolved
20) cat << EOF >> /etc/resolv.conf
nameserver 192.168.122.199
search SAMBA
EOF
21) sudo reboot
22) host -t SRV _ldap._tcp.samba-dc.example.com
_ldap._tcp.samba-dc.example.com has SRV record 0 100 389 
samba-dc.samba-dc.example.com.
23) $ smbclient -L localhost -N
Anonymous login successful

Sharename   Type  Comment
-     ---
sysvol  Disk  
netlogonDisk  
IPC$IPC   IPC Service (Samba 4.13.17-Ubuntu)
SMB1 disabled -- no workgroup available
24) $ smbclient //localhost/netlogon -UAdministrator -c 'ls'
Enter SAMBA\Administrator's password: 
  .   D0  Mon Feb 28 04:23:22 2022
  ..  D0  Mon Feb 28 04:23:27 2022

9983232 blocks of size 1024. 7995324 blocks available
25) kinit administrator
Password for administra...@samba-dc.example.com: 
Warning: Your password will expire in 41 days on Mon Apr 11 04:23:27 2022
26) klist
Ticket cache: FILE:/tmp/krb5cc_1000
Default principal: administra...@samba-dc.example.com

Valid starting ExpiresService principal
02/28/22 04:32:47  02/28/22 14:32:47  
krbtgt/samba-dc.example@samba-dc.example.com
renew until 03/01/22 04:32:44
27)


Create a share:
28) sudo mkdir -p /srv/samba/Demo/
29) sudo vim /etc/samba/smb.conf
[Demo]
path = /srv/samba/Demo/
read only = no
30) sudo chmod 0770 /srv/samba/Demo/


Install a fresh 20.04.4 Desktop instance, and run the following:

31) sudo apt install realmd smbclient
32) sudo vim /etc/hosts
Add an entry with its IP address, e.g.:
192.168.122.199samba-dc samba-dc.example.com
33) sudo realm join --user=Administrator SAMBA-DC.EXAMPLE.COM
$ smbclient -U Administrator //samba-dc.example.com/demo
Enter WORKGROUP\Administrator's password: 
Try "help" to get a list of possible commands.
smb: \> ls
  .   D0  Mon Mar  7 15:20:30 2022
  ..  D0  Mon Mar  7 15:20:30 2022

9983232 blocks of size 1024. 7686220 blocks available
$ smbclient //samba-dc.example.com/demo -k
gensec_spnego_client_negTokenInit_step: Could not find a suitable mechtype in 
NEG_TOKEN_INIT
session setup failed: NT_STATUS_INVALID_PARAMETER

Now open Nautilus, add smb://samba-dc.example.com/demo as a share, and you will
be faced with a dialog box asking for username / password credentials. Close
Nautilus.

Let's get a kerberos ticket:

$ kinit administra...@samba-dc.example.com
Password for administra...@samba-dc.example.com: 
Warning: Your password will expire in 11 days on Mon 11 Apr 2022 16:23:27
$ smbclient //samba-dc.example.com/demo -k
Try "help" to get a list of possible commands.
smb: \> ls
  .   D0  Mon Mar  7 15:20:30 2022
  ..  D0  Mon Mar  7 15:20:30 2022

9983232 blocks of size 1024. 7616832 blocks available

34) Open Nautilus, add smb://samba-dc.example.com/demo as a share, and it will
open correctly using kerberos credentials.

When I look at my process list, gvfsd is where it is suppose to be, under the
systemd user session:

$ ps auxf
...
ubuntu  1207  0.5  0.2  19008 10128 ?Ss   12:12   0:00 
/lib/systemd/systemd --user
ubuntu  1208  0.0  0.0 179632  3544 ?S12:12   0:00  \_ (sd-pam)
ubuntu

[Bug 1779890] Re: Nautilus does not use a valid Kerberos ticket when accessing Samba share

2022-03-30 Thread renbag

I see the same problem with Ubuntu 20.04 and 22.04, inside an Active Directory 
domain.
With slow machines (e.g. with rotational hard disks) it is always present; with 
fast machines (with SSDs) it is randomly present, maybe because it depends also 
on the time needed to contact the domain controller.

(I'm using a cinnamon desktop and I do not have ibus installed)
I have applied the following workaround:
copy /usr/lib/systemd/user/gvfs-daemon.service to 
/etc/systemd/user/gvfs-daemon.service
insert in the last file the following line, at the start of the [Service] 
section:

ExecStartPre=bash -c "for i in echo {1..20} ; do if [ $(env | grep
KRB5CCNAME) == "" ]; then sleep 0.2 ; fi ; done"

In this way it is possible to browse the network with Nemo or Nautilus,
without asking for user authentication.

When the workaround is not present I see this message in
/var/log/syslog:

Mar 30 10:30:36 pc000327 gvfsd[2656]: got no contact to IPC$
Mar 30 10:30:39 pc000327 gvfsd[2672]: Kerberos auth with 'aduser@WORKGROUP' 
(WORKGROUP\aduser) to access '10.1.0.107' not possible

(Here kerberos is not aware of the real domain name and tries the
generic WORKGROUP)

I report here also the relevant processes in the case of no workaround:

USER PID %CPU %MEMVSZ   RSS TTY  STAT START   TIME COMMAND
...
root 977  0.0  0.4  78692 19508 ?Ss   12:52   0:00 
/usr/sbin/winbindd --foreground --no-process-group
root 985  0.0  0.2  78596 11168 ?S12:52   0:00 winbindd: 
domain child [PC000327]
root 989  0.1  0.7 105008 28716 ?Ss   12:52   0:00 
/usr/sbin/smbd --foreground --no-process-group
root 990  0.0  0.4  79840 17180 ?S12:52   0:00 winbindd: 
domain child [DOMAIN]
root 994  0.0  0.4  80464 16344 ?S12:52   0:00 winbindd: 
idmap child
root1002  0.0  0.5  97132 20524 ?S12:52   0:00 
/usr/lib/x86_64-linux-gnu/samba/samba-bgqd --ready-signal-fd=48 
--parent-watch-fd=12 --debuglevel=0 -F
root1014  1.2  2.5 153464 99180 ?S12:52   0:01 
/usr/libexec/sssd/sssd_nss --uid 0 --gid 0 --logger=files
root1015  0.0  0.3  98056 14612 ?S12:52   0:00 
/usr/libexec/sssd/sssd_pam --uid 0 --gid 0 --logger=files
root1021  0.1  0.2  57304  8144 ?Ss   12:52   0:00 
/lib/systemd/systemd-logind
root1121 15.2  2.7 272756 108420 ?   S12:52   0:18 
/usr/libexec/sssd/sssd_be --domain addomain.it --uid 0 --gid 0 --logger=files
root1213  0.0  0.2 190492 11168 ?Sl   12:53   0:00 lightdm 
--session-child 12 19
root1271  0.0  0.4 138968 16544 ?Ss   12:53   0:00 
/usr/libexec/sssd/sssd_pac --logger=files --socket-activated
aduser  1279  0.5  0.2  17388 10136 ?Ss   12:53   0:00 
/lib/systemd/systemd --user
aduser  1292  0.6  0.1  29736  5824 ?Ss   12:53   0:00 
/usr/bin/dbus-daemon --session --address=systemd: --nofork --nopidfile 
--systemd-activation --syslog-only
aduser  1294  0.0  0.1 241124  7680 ?Sl   12:53   0:00 
/usr/bin/gnome-keyring-daemon --daemonize --login
aduser  1298  0.1  0.2 240844  8672 ?Ssl  12:53   0:00 
/usr/libexec/gvfsd
aduser  1305  0.0  0.1 380884  7012 ?Sl   12:53   0:00 
/usr/libexec/gvfsd-fuse /run/user/1136602666/gvfs -f
aduser  1314  0.6  0.6 376912 27500 ?Ssl  12:53   0:00 
cinnamon-session --session cinnamon
aduser  1326  1.5  0.6 707460 26600 ?SNsl 12:53   0:00 
/usr/libexec/tracker-miner-fs-3
aduser  1372  0.0  0.2 325748 10224 ?Ssl  12:53   0:00 
/usr/libexec/gvfs-udisks2-volume-monitor

and when the workaround is present:

USER PID %CPU %MEMVSZ   RSS TTY  STAT START   TIME COMMAND
...
root 873  0.4  2.5 153440 98936 ?S12:43   0:01 
/usr/libexec/sssd/sssd_nss --uid 0 --gid 0 --logger=files
root 874  0.0  0.3  98068 14344 ?S12:43   0:00 
/usr/libexec/sssd/sssd_pam --uid 0 --gid 0 --logger=files
root 885  0.0  0.3  70704 15060 ?Ss   12:43   0:00 
/usr/sbin/nmbd --foreground --no-process-group
root 973  0.0  0.4  78692 19632 ?Ss   12:43   0:00 
/usr/sbin/winbindd --foreground --no-process-group
root 981  0.0  0.2  78596 11108 ?S12:43   0:00 winbindd: 
domain child [PC000327]
root 982  0.0  0.4  79844 17164 ?S12:43   0:00 winbindd: 
domain child [DOMAIN]
root 986  0.0  0.7 105008 28736 ?Ss   12:43   0:00 
/usr/sbin/smbd --foreground --no-process-group
root1001  0.0  0.4  80464 16344 ?S12:43   0:00 winbindd: 
idmap child
root1004  0.0  0.5  97132 20376 ?S12:43   0:00 
/usr/lib/x86_64-linux-gnu/samba/samba-bgqd --ready-signal-fd=48 
--parent-watch-fd=12 --debuglevel=0 -F
root1010  0.0  0.2 249880  8900 ?Ssl  12:43   0:00 
/usr/libexec/accounts-daemon
root1013  0.0  0.2  57312  7968 ?Ss   12:43   0:00

[Bug 1779890] Re: Nautilus does not use a valid Kerberos ticket when accessing Samba share

2020-11-20 Thread Julien Blanc

> It's being D-Bus activated by things early in the startup of the
> session. By disabling tracker or whatever you are stopping that D-Bus
> activation.

Indeed, i've seen that. But i actually intended to say tracker, not
gvfs.

I see little point in starting tracker before gnome-session. But i'm
probably missing something.

Regards,

Julien

-- 
You received this bug notification because you are a member of Ubuntu
Desktop Bugs, which is subscribed to gvfs in Ubuntu.
https://bugs.launchpad.net/bugs/1779890

Title:
  Nautilus does not use a valid Kerberos ticket when accessing Samba
  share

To manage notifications about this bug go to:
https://bugs.launchpad.net/gvfs/+bug/1779890/+subscriptions

-- 
desktop-bugs mailing list
desktop-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/desktop-bugs

Re: [Bug 1779890] Re: Nautilus does not use a valid Kerberos ticket when accessing Samba share

2020-11-17 Thread Iain Lane

On Tue, Nov 17, 2020 at 07:50:20AM -, Julien Blanc wrote:
> Same issue here.
> 
> gvfsd is started by tracker-miner-fs. Disabling it made it work (note
> that i also made the /etc/pam/systemd-user pam_sss change), ie gvfsd now
> correctly has access to the kerberos token.
> 
> I'm wondering why gvfsd is started by systemd-user and not gnome-
> session. Changing that may be an acceptable workaround until a better
> solution is found.

It's being D-Bus activated by things early in the startup of the 
session. By disabling tracker or whatever you are stopping that D-Bus 
activation.

Cheers,

-- 
Iain Lane  [ i...@orangesquash.org.uk ]
Debian Developer   [ la...@debian.org ]
Ubuntu Developer   [ la...@ubuntu.com ]

-- 
You received this bug notification because you are a member of Ubuntu
Desktop Bugs, which is subscribed to gvfs in Ubuntu.
https://bugs.launchpad.net/bugs/1779890

Title:
  Nautilus does not use a valid Kerberos ticket when accessing Samba
  share

To manage notifications about this bug go to:
https://bugs.launchpad.net/gvfs/+bug/1779890/+subscriptions

-- 
desktop-bugs mailing list
desktop-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/desktop-bugs

[Bug 1779890] Re: Nautilus does not use a valid Kerberos ticket when accessing Samba share

2020-11-16 Thread Julien Blanc

Same issue here.

gvfsd is started by tracker-miner-fs. Disabling it made it work (note
that i also made the /etc/pam/systemd-user pam_sss change), ie gvfsd now
correctly has access to the kerberos token.

I'm wondering why gvfsd is started by systemd-user and not gnome-
session. Changing that may be an acceptable workaround until a better
solution is found.

-- 
You received this bug notification because you are a member of Ubuntu
Desktop Bugs, which is subscribed to gvfs in Ubuntu.
https://bugs.launchpad.net/bugs/1779890

Title:
  Nautilus does not use a valid Kerberos ticket when accessing Samba
  share

To manage notifications about this bug go to:
https://bugs.launchpad.net/gvfs/+bug/1779890/+subscriptions

-- 
desktop-bugs mailing list
desktop-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/desktop-bugs

[Bug 1779890] Re: Nautilus does not use a valid Kerberos ticket when accessing Samba share

2020-11-03 Thread Iain Lane

I think maybe sssd needs to learn how to set the environment in
"session" mode. I did ask some people at Canonical who know about this
project, hopefully they will have some advice soon. :)

-- 
You received this bug notification because you are a member of Ubuntu
Desktop Bugs, which is subscribed to gvfs in Ubuntu.
https://bugs.launchpad.net/bugs/1779890

Title:
  Nautilus does not use a valid Kerberos ticket when accessing Samba
  share

To manage notifications about this bug go to:
https://bugs.launchpad.net/gvfs/+bug/1779890/+subscriptions

-- 
desktop-bugs mailing list
desktop-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/desktop-bugs

[Bug 1779890] Re: Nautilus does not use a valid Kerberos ticket when accessing Samba share

2020-11-02 Thread Val

@laney: I have disabled all my workarounds and placed "session optional 
pam_sss.so" just before "session optional pam_systemd.so" in 
/etc/pam.d/systemd-user on my Ubuntu 18.04.5 system. Checking 
"journalctl --user" for gfvs-daemon entries:

Nov 02 22:45:31 vk2011 dbus-daemon[6128]: [session uid=1000 pid=6128]
Activating via systemd: service name='org.gtk.vfs.Daemon' unit='gvfs-
daemon.service' requested by ':1.1' (uid=1000 pid=6121 comm="/usr/bin
/ibus-daemon --daemonize --xim --address u" label="unconfined")

And, KRB5CCNAME is not in the environment for gvfsd, unfortunately.

-- 
You received this bug notification because you are a member of Ubuntu
Desktop Bugs, which is subscribed to gvfs in Ubuntu.
https://bugs.launchpad.net/bugs/1779890

Title:
  Nautilus does not use a valid Kerberos ticket when accessing Samba
  share

To manage notifications about this bug go to:
https://bugs.launchpad.net/gvfs/+bug/1779890/+subscriptions

-- 
desktop-bugs mailing list
desktop-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/desktop-bugs

[Bug 1779890] Re: Nautilus does not use a valid Kerberos ticket when accessing Samba share

2020-11-02 Thread Iain Lane

I think anything which causes gvfs to start "early enough" (before
gnome-session has a chance to upload the environment to systemd) will
trigger this problem.

So anything which starts from e.g. default.target, or maybe there are
things like ibus which are started outside of systemd's control.

I did a little bit of investigation on the upstream bug, and I think
what is happening is that we don't run pam_sss for systemd-user sessions
- it's not in /etc/pam.d/systemd-user or included in there e.g. via
common-session-noninteractive. That means that when the session starts
`systemd --user`, in its own `systemd-user` PAM session, the env var is
not instantiated there and so it's not available to stuff that starts
really early. Early - but not early enough - in the startup process,
gnome-session uploads environment variables into the systemd
environment. Anything which starts after that will get the right
environment. In other words this is a race condition.

Can someone experiencing this bug please undo all of the workarounds
applied, and then try adding "session optional pam_sss.so" into
/etc/pam.d/systemd-user just above the `pam_systemd.so` line? And then
check that KRB5CCNAME is set in gvfsd's environment.

I don't have an environment to fully test this so I was just able to do
it with a hack, but it worked that far for me.

-- 
You received this bug notification because you are a member of Ubuntu
Desktop Bugs, which is subscribed to gvfs in Ubuntu.
https://bugs.launchpad.net/bugs/1779890

Title:
  Nautilus does not use a valid Kerberos ticket when accessing Samba
  share

To manage notifications about this bug go to:
https://bugs.launchpad.net/gvfs/+bug/1779890/+subscriptions

-- 
desktop-bugs mailing list
desktop-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/desktop-bugs

[Bug 1779890] Re: Nautilus does not use a valid Kerberos ticket when accessing Samba share

2020-10-29 Thread Val

I do not have tracker-miner-fs.service at all. My instance of gvfsd is
started by either ibus-daemon, or "systemd --user". Please see the
controversy at
https://gitlab.gnome.org/GNOME/gvfs/-/issues/481#note_948506

-- 
You received this bug notification because you are a member of Ubuntu
Desktop Bugs, which is subscribed to gvfs in Ubuntu.
https://bugs.launchpad.net/bugs/1779890

Title:
  Nautilus does not use a valid Kerberos ticket when accessing Samba
  share

To manage notifications about this bug go to:
https://bugs.launchpad.net/gvfs/+bug/1779890/+subscriptions

-- 
desktop-bugs mailing list
desktop-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/desktop-bugs

[Bug 1779890] Re: Nautilus does not use a valid Kerberos ticket when accessing Samba share

2020-10-29 Thread Sebastien Bacher

The upstream bug got reopened now, could you try disabling the tracker
service and see if it resolves the issue for you?

-- 
You received this bug notification because you are a member of Ubuntu
Desktop Bugs, which is subscribed to gvfs in Ubuntu.
https://bugs.launchpad.net/bugs/1779890

Title:
  Nautilus does not use a valid Kerberos ticket when accessing Samba
  share

To manage notifications about this bug go to:
https://bugs.launchpad.net/gvfs/+bug/1779890/+subscriptions

-- 
desktop-bugs mailing list
desktop-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/desktop-bugs

[Bug 1779890] Re: Nautilus does not use a valid Kerberos ticket when accessing Samba share

2020-10-27 Thread Sebastien Bacher

** Changed in: gvfs (Ubuntu)
   Importance: Low => High

** Tags added: desktop-lts-wishlist focal

-- 
You received this bug notification because you are a member of Ubuntu
Desktop Bugs, which is subscribed to gvfs in Ubuntu.
https://bugs.launchpad.net/bugs/1779890

Title:
  Nautilus does not use a valid Kerberos ticket when accessing Samba
  share

To manage notifications about this bug go to:
https://bugs.launchpad.net/gvfs/+bug/1779890/+subscriptions

-- 
desktop-bugs mailing list
desktop-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/desktop-bugs

[Bug 1779890] Re: Nautilus does not use a valid Kerberos ticket when accessing Samba share

2020-10-26 Thread Val

The upstream determined that gvfsd as a systemd user session is starting
too early in Ubuntu, before the desktop enviroment variables are set.
Specifically, KRB5CCNAME env var is missing at the time gvfsd is
started, causing this bug. See the detailed report at
ttps://gitlab.gnome.org/GNOME/gvfs/-/issues/481

CentOS 8 and Fedora 32 apparently fixed this problem by changing the
default preset mechanism for user units, aligning them with the default
preset for system units:
https://fedoraproject.org/wiki/Changes/Systemd_presets_for_user_units

Indeed, there is no good reason to treat user services differently than
system services with respect to the default presets. The default preset
for user units should be changed to "disable *".

-- 
You received this bug notification because you are a member of Ubuntu
Desktop Bugs, which is subscribed to gvfs in Ubuntu.
https://bugs.launchpad.net/bugs/1779890

Title:
  Nautilus does not use a valid Kerberos ticket when accessing Samba
  share

To manage notifications about this bug go to:
https://bugs.launchpad.net/gvfs/+bug/1779890/+subscriptions

-- 
desktop-bugs mailing list
desktop-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/desktop-bugs

[Bug 1779890] Re: Nautilus does not use a valid Kerberos ticket when accessing Samba share

2020-06-03 Thread Sebastien Bacher

Thanks for reporting the issue upstream

** Changed in: gvfs (Ubuntu)
   Importance: Undecided => Low

** Changed in: gvfs (Ubuntu)
   Status: Confirmed => Triaged

** Also affects: gvfs via
   https://gitlab.gnome.org/GNOME/gvfs/-/issues/481
   Importance: Unknown
   Status: Unknown

-- 
You received this bug notification because you are a member of Ubuntu
Desktop Bugs, which is subscribed to gvfs in Ubuntu.
https://bugs.launchpad.net/bugs/1779890

Title:
  Nautilus does not use a valid Kerberos ticket when accessing Samba
  share

To manage notifications about this bug go to:
https://bugs.launchpad.net/gvfs/+bug/1779890/+subscriptions

-- 
desktop-bugs mailing list
desktop-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/desktop-bugs

[Bug 1779890] Re: Nautilus does not use a valid Kerberos ticket when accessing Samba share

2020-05-28 Thread Val

The problem persists in Ubuntu 20.04 as well.

I attempted to investigate this issue a little further, found that it is
caused by a race condition between gvfsd and ibus-daemon, and filed a
bug report upstream: https://gitlab.gnome.org/GNOME/gvfs/-/issues/481

My current workaround is hack, but it works:

Add this line to the [Service] section in /usr/lib/systemd/user/gvfs-
daemon.service:

ExecStartPre=bash -c "for i in echo {1..20} ; do ps ax | grep -q
\"^${USER}\b.*[i]bus-daemon\" || sleep 0.1 ; done"


** Bug watch added: gitlab.gnome.org/GNOME/gvfs/-/issues #481
   https://gitlab.gnome.org/GNOME/gvfs/-/issues/481

-- 
You received this bug notification because you are a member of Ubuntu
Desktop Bugs, which is subscribed to gvfs in Ubuntu.
https://bugs.launchpad.net/bugs/1779890

Title:
  Nautilus does not use a valid Kerberos ticket when accessing Samba
  share

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/gvfs/+bug/1779890/+subscriptions

-- 
desktop-bugs mailing list
desktop-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/desktop-bugs

[Bug 1779890] Re: Nautilus does not use a valid Kerberos ticket when accessing Samba share

2019-12-23 Thread semyon

As far as I know this problem comes from ubuntu 12.04 and still not resolved. 
Kerberos now works in ubuntu 18.04. 
This is ubuntu specific bug. Nautilus in Centos 7.x and 8 works fine with 
kerberos

-- 
You received this bug notification because you are a member of Ubuntu
Desktop Bugs, which is subscribed to gvfs in Ubuntu.
https://bugs.launchpad.net/bugs/1779890

Title:
  Nautilus does not use a valid Kerberos ticket when accessing Samba
  share

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/gvfs/+bug/1779890/+subscriptions

-- 
desktop-bugs mailing list
desktop-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/desktop-bugs

[Bug 1779890] Re: Nautilus does not use a valid Kerberos ticket when accessing Samba share

2019-09-02 Thread Cédric Bellegarde

Happens on Ubuntu 19.04 too.

-- 
You received this bug notification because you are a member of Ubuntu
Desktop Bugs, which is subscribed to gvfs in Ubuntu.
https://bugs.launchpad.net/bugs/1779890

Title:
  Nautilus does not use a valid Kerberos ticket when accessing Samba
  share

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/gvfs/+bug/1779890/+subscriptions

-- 
desktop-bugs mailing list
desktop-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/desktop-bugs

[Bug 1779890] Re: Nautilus does not use a valid Kerberos ticket when accessing Samba share

2018-08-31 Thread Launchpad Bug Tracker

Status changed to 'Confirmed' because the bug affects multiple users.

** Changed in: gvfs (Ubuntu)
   Status: New => Confirmed

-- 
You received this bug notification because you are a member of Ubuntu
Desktop Bugs, which is subscribed to gvfs in Ubuntu.
https://bugs.launchpad.net/bugs/1779890

Title:
  Nautilus does not use a valid Kerberos ticket when accessing Samba
  share

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/gvfs/+bug/1779890/+subscriptions

-- 
desktop-bugs mailing list
desktop-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/desktop-bugs

38 matches

Mail list logo